Related information

aaa.xxx.com is the Matrix server (Synapse) domain, bbb.xxx.com is the Element client domain and ccc.xxx.com is the Coturn voice/video call domain. The configuration files further down use server.xxx.com, chat.xxx.com and turn.xxx.com for the same three roles, plus admin.xxx.com for synapse-admin; pick one set of names and use it consistently in every file, because the TURN secret, the certificate paths and the public URLs all have to agree across files.

Directory layout on the host:

```
/root/matrix/
├── docker-compose.yml
├── synapse/
│   └── homeserver.yaml
├── coturn/
│   └── turnserver.conf
├── element/
│   └── config.json
├── postgres/
│   └── postgres.env
└── caddy/
    └── Caddyfile
```
Install Docker and Compose. The convenience script pipes a remote script into a root shell; read it first on any host that matters. It also installs the `docker compose` plugin, which is what the `docker compose up -d` step at the end uses, so the standalone `docker-compose` binary is optional.

```bash
# Docker Engine + compose plugin
wget -qO- https://get.docker.com | bash

# Optional standalone docker-compose binary: run the line for your CPU (uname -m).
# The release page also publishes checksums.txt; compare it before making the file executable.
curl -fL https://github.com/docker/compose/releases/download/v2.33.1/docker-compose-linux-aarch64 | sudo tee /usr/local/bin/docker-compose >/dev/null && sudo chmod +x /usr/local/bin/docker-compose
curl -fL https://github.com/docker/compose/releases/download/v2.33.1/docker-compose-linux-x86_64  | sudo tee /usr/local/bin/docker-compose >/dev/null && sudo chmod +x /usr/local/bin/docker-compose

# Verify
docker -v && docker-compose -v
```
Create the directory tree and let the Synapse image generate an initial configuration, signing key and log config into `synapse/`:

```bash
mkdir -p /root/matrix/{synapse,element,coturn,caddy,postgres}
cd /root/matrix

docker run -it --rm \
  -v /root/matrix/synapse:/data \
  -e SYNAPSE_SERVER_NAME=aaa.xxx.com \
  -e SYNAPSE_REPORT_STATS=yes \
  matrixdotorg/synapse:latest generate
```

The generated `aaa.xxx.com.signing.key` is the server's federation identity: back it up and never regenerate it on a live server, or other homeservers will stop trusting events from yours.
Tip

aaa.xxx.com is your Matrix server domain, for example server.aaa.com. `server_name` is baked into every user ID (@user:aaa.xxx.com) and cannot be changed later without starting over.
homeserver.yaml is written to `/root/matrix/synapse/`. Its basic, generated content is:

```yaml
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "aaa.xxx.com"   # your Matrix server domain
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    bind_addresses: ['0.0.0.0']
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: sqlite3
  args:
    database: /data/homeserver.db
log_config: "/data/aaa.xxx.com.log.config"
media_store_path: /data/media_store
# The three secrets below are whatever `generate` produced for this install. They are shown as
# generator output only; every deployment must have its own values.
registration_shared_secret: "yfQVaUU-TyxzcZ,VDgmSNBsY@Y4iOFGDx+&Q3S-ik2R7erA9F2"
report_stats: true
macaroon_secret_key: "C4+vgk+TB6B.#R=@z&~Q.&#pDlB~8IF0W_1vA_Y7#uGL#O@&6L"
form_secret: "HFjb38fVLtb~@I,x,XjrfX&T=x2YHSQBt^rLP5pzmfOJlJ,GKu"
signing_key_path: "/data/aaa.xxx.com.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"
# vim:ft=yaml
```
Replace it with the full configuration below: PostgreSQL instead of SQLite, a public URL behind Caddy, registration closed, e-mail via SMTP and TURN for calls. The original version of this file also carried `client:`, `security:` and `admin_users:` blocks; none of these are Synapse options (Synapse has no `enforce_https`, `enable_message_pushing` or `admin_users` setting), so they did nothing and are dropped here. Admin rights are granted when the account is created with `register_new_matrix_user --admin` (see the end of the page).

```yaml
# Configuration file for Synapse.
#
# This is a YAML file: see [1] for a quick introduction. Note in particular
# that *indentation is important*: all the elements of a list or dictionary
# should have the same indentation.
#
# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
#
# For more information on how to configure Synapse, including a complete accounting of
# each option, go to docs/usage/configuration/config_documentation.md or
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
server_name: "server.xxx.com"
pid_file: /data/homeserver.pid
listeners:
  - port: 8008
    tls: false
    type: http
    # Trust X-Forwarded-For from the reverse proxy. Only safe while port 8008 is reachable
    # solely through Caddy; a client that can hit 8008 directly can spoof its source address.
    x_forwarded: true
    resources:
      - names: [client, federation]
        compress: false
database:
  name: psycopg2              # PostgreSQL
  args:
    user: "admin"             # must match POSTGRES_USER in postgres/postgres.env
    password: "password"      # must match POSTGRES_PASSWORD in postgres/postgres.env
    database: synapse         # must match POSTGRES_DB
    host: postgres            # the Compose service name, resolved on matrix_network
    port: 5432
    cp_min: 5
    cp_max: 10
    keepalives_idle: 30
    keepalives_interval: 10
    keepalives_count: 3
log_config: "/data/server.xxx.com.log.config"
media_store_path: /data/media_store
# Keep the values `generate` wrote for you; these are the page's sample values only.
registration_shared_secret: "g*XDsB63W589IB8m,e8FU7n;Zqg8^ISxvi*xU&4:rGSbUi=63,"
report_stats: true
macaroon_secret_key: "d7f2R:+-&,rd9p1XXlOu@k7g;wy;wMC9Dy==&z@8:ZQ;#iiea;"
form_secret: "eH+_^h*nxNzQ6*g;em7I1Re1^7Iy,eSum44+#C+Rd^^_f:EW_K"
signing_key_path: "/data/server.xxx.com.signing.key"
trusted_key_servers:
  - server_name: "matrix.org"

# Maximum upload size in bytes (1 GiB)
max_upload_size: 1073741824
# Public URL clients use to reach this server; Caddy terminates TLS in front of port 8008
public_baseurl: "https://server.xxx.com"
# Serve /.well-known/matrix/server so other homeservers federate through public_baseurl on 443
# instead of expecting port 8448
serve_server_wellknown: true
# URL previews make the server fetch arbitrary URLs on behalf of users (an SSRF surface);
# keep them off unless needed, and if enabled set url_preview_ip_range_blacklist
url_preview_enabled: false

# Registration
enable_registration: false                      # open registration off; accounts are created with register_new_matrix_user
enable_registration_without_verification: false # if registration is ever opened, require verification
registrations_require_3pid:                     # every registration must provide these 3PID types
  - email

# SMTP for verification and notification mail
email:
  smtp_host: "smtp.gmail.com"          # SMTP server hostname or IP
  smtp_port: 587                       # STARTTLS submission port
  smtp_user: "[email protected]"     # usually the mailbox address
  smtp_pass: "xxxx xxxx xxxx xxxx"     # an app-specific password, not the account password
  # Added hardening: refuse to send if STARTTLS cannot be negotiated (Synapse's default is false,
  # which silently falls back to plaintext SMTP)
  require_transport_security: true
  notif_from: "Your Friendly %(app)s homeserver <[email protected]>"  # %(app)s is replaced with app_name
  app_name: "Element"                  # shown in mail and notifications
  notif_for_new_users: false           # do not enable mail notifications for new users by default
  client_base_url: "https://chat.xxx.com"  # the Element Web URL; links inside e-mails point here
  validation_token_lifetime: 15m       # verification links expire after 15 minutes
  invite_client_location: "https://chat.xxx.com"  # where invite e-mails send people
  enable_notifs: true                  # e-mail notifications on
  # true logs the whole SMTP conversation, including the login; enable only while troubleshooting
  smtp_debug: false
  # Subject templates; %(app)s, %(person)s, %(room)s and %(server_name)s are filled in at send time
  subjects:
    message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..."
    message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..."
    messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..."
    messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..."
    messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..."
    messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..."
    invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..."
    invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..."
    password_reset: "[%(server_name)s] Password reset"
    email_validation: "[%(server_name)s] Validate your email"

# TURN server for voice/video calls. Synapse hands these URIs plus short-lived credentials
# to clients; the credentials are an HMAC over "<expiry>:<user id>" keyed with turn_shared_secret.
turn_uris:
  - "turn:turn.xxx.com:3478?transport=tcp"
  - "turn:turn.xxx.com:3478?transport=udp"
  - "turns:turn.xxx.com:5349?transport=tcp"   # TURN over TLS
# Must be byte-for-byte identical to static-auth-secret in coturn/turnserver.conf
turn_shared_secret: "x#Ep%=pd=_pQ=91EgKyzCgnv9ri__GLj?aAH"
# Lifetime of the credentials Synapse issues (its default is 1h; 24h keeps long calls working
# at the cost of a longer replay window for a captured credential)
turn_user_lifetime: 24h
# vim:ft=yaml
```
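The link between `turn_shared_secret` and coturn's `static-auth-secret` is the TURN REST API credential scheme: Synapse never sends the secret to the client, it sends a username of the form `<expiry-unix-time>:<user id>` and a password that is base64(HMAC-SHA1(secret, username)); coturn recomputes the HMAC with its own copy of the secret and rejects usernames whose expiry has passed. The following added example (not code from the page or from Synapse/coturn) reproduces both sides so you can see why a mismatched secret or an exhausted `turn_user_lifetime` makes calls fail at the relay. The secret and user ID are placeholders.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Placeholder: the real value is turn_shared_secret in homeserver.yaml,
# which must equal static-auth-secret in turnserver.conf.
SHARED_SECRET = "replace-with-the-value-of-static-auth-secret"
TURN_USER_LIFETIME = 24 * 3600  # seconds; the page sets turn_user_lifetime: 24h


def make_turn_credentials(secret: str, user_id: str, lifetime: int,
                          now: Optional[int] = None) -> Tuple[str, str]:
    """What Synapse returns from /_matrix/client/v3/voip/turnServer.

    username = "<expiry>:<matrix user id>", password = base64(HMAC-SHA1(secret, username)).
    `now` is injectable so the result is reproducible in tests.
    """
    now = int(time.time()) if now is None else now
    username = f"{now + lifetime}:{user_id}"
    digest = hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    return username, base64.b64encode(digest).decode("ascii")


def coturn_accepts(secret: str, username: str, password: str,
                   now: Optional[int] = None) -> bool:
    """The check coturn performs under use-auth-secret: recompute the HMAC with its own
    secret and refuse usernames whose expiry timestamp is in the past or malformed."""
    now = int(time.time()) if now is None else now
    try:
        expiry = int(username.split(":", 1)[0])
    except ValueError:
        return False
    if expiry <= now:
        return False
    expected = base64.b64encode(
        hmac.new(secret.encode(), username.encode(), hashlib.sha1).digest()
    ).decode("ascii")
    return hmac.compare_digest(expected, password)


if __name__ == "__main__":
    user, pw = make_turn_credentials(SHARED_SECRET, "@alice:server.xxx.com", TURN_USER_LIFETIME)
    print("username:", user)
    print("accepted with same secret:", coturn_accepts(SHARED_SECRET, user, pw))
    print("accepted with other secret:", coturn_accepts("something-else", user, pw))
```

Because the client only ever holds a derived credential, rotating the secret in both files invalidates every outstanding credential at once; rotating it in only one file breaks all calls until they match again.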
Tip

Switch to an English input method. After editing in vim, press Esc, then type :wq to save and quit.
The docker-compose.yml file (the name in the directory layout above; Compose accepts either `.yml` or `.yaml`, but keep one):

```bash
cd /root/matrix
nano docker-compose.yml
```
```yaml
services:
  coturn:
    image: coturn/coturn:latest
    container_name: "coturn"
    restart: unless-stopped        # restart automatically unless stopped by hand
    # root is only needed so the container can read the certificate files Caddy writes as root
    user: root
    command: /bin/sh -c "turnserver -c /etc/turnserver.conf -v"
    volumes:
      - './coturn/turnserver.conf:/etc/turnserver.conf'   # configuration file
      - './coturn/data:/var/run'
      # Certificate and key Caddy obtained for turn.xxx.com. The original mounted the .crt file
      # twice; the second mount must be the .key. Restart coturn after Caddy renews the certificate,
      # since a file bind mount does not make the running turnserver reload it.
      - './caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/turn.xxx.com/turn.xxx.com.crt:/etc/ssl/certs/turn.xxx.com.crt:ro'
      - './caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/turn.xxx.com/turn.xxx.com.key:/etc/ssl/certs/turn.xxx.com.key:ro'
    ports:
      - "3478:3478"                # STUN/TURN
      - "3478:3478/udp"
      - "5349:5349"                # TURN over TLS
      - "5349:5349/udp"            # TURN over DTLS
      - "49152-49252:49152-49252/tcp"   # relay range; must equal min-port/max-port in turnserver.conf
      - "49152-49252:49152-49252/udp"
    networks:
      - matrix_network

  postgres:
    # Pin a major version (for example postgres:16) before going to production: a surprise major
    # upgrade of :latest will refuse to start on the existing data directory.
    image: postgres:latest
    container_name: postgres
    restart: unless-stopped
    volumes:
      - './postgres/data:/var/lib/postgresql/data'   # persistent storage
    env_file:
      - ./postgres/postgres.env
    networks:
      - matrix_network

  synapse:
    image: matrixdotorg/synapse:latest   # latest Synapse image
    container_name: synapse
    depends_on:
      - postgres
    restart: unless-stopped
    # Publishing 8008 on the host is only needed if the reverse proxy addresses the host IP.
    # If Caddy proxies to synapse:8008 over matrix_network, drop this mapping or bind it to
    # 127.0.0.1 so plaintext 8008 (with x_forwarded: true) is not reachable from outside.
    ports:
      - 8008:8008
    volumes:
      - './synapse:/data'            # the synapse/ directory (homeserver.yaml, keys, media) as /data
    environment:
      # The VIRTUAL_HOST / VIRTUAL_PORT / LETSENCRYPT_HOST variables from the original are read by
      # nginx-proxy, not by anything in this stack, and are dropped. The two below are only used by
      # `generate` and are kept for completeness.
      SYNAPSE_SERVER_NAME: "server.xxx.com"
      SYNAPSE_REPORT_STATS: "yes"
    networks:
      - matrix_network

  synapse-admin:
    image: awesometechnologies/synapse-admin:latest
    container_name: "synapse-admin"
    restart: unless-stopped
    depends_on:
      - synapse
    ports:
      - "8080:80"
    environment:
      # Restricts the UI to this homeserver. The original also set REACT_APP_ADMIN_USERNAME and
      # REACT_APP_ADMIN_PASSWORD; synapse-admin does not document such variables, you log in
      # interactively, and they would only leave the admin password sitting in this file.
      - REACT_APP_SERVER=https://server.xxx.com
    networks:
      - matrix_network

  caddy:
    image: caddy:latest
    container_name: caddy
    restart: unless-stopped
    # Caddy 2 takes the ACME CA and contact e-mail from the `tls` block in the Caddyfile; the
    # ACME_AGREE / ACME_EMAIL / CADDY_ACME_CA_URL variables from the original are not what selects
    # ZeroSSL and are dropped here.
    volumes:
      - './caddy/Caddyfile:/etc/caddy/Caddyfile'   # Caddy configuration
      - './caddy/data:/data'                       # certificates and ACME account (coturn reads from here)
      - './caddy/config:/config'
    ports:
      - "80:80"      # HTTP, needed for the ACME HTTP-01 challenge and redirects
      - "443:443"    # HTTPS
    networks:
      - matrix_network

  element-web:
    image: vectorim/element-web
    container_name: element-web
    depends_on:
      - caddy
    restart: unless-stopped
    ports:
      - '8009:80'    # host 8009 -> container 80 (only needed if Caddy addresses the host IP)
    volumes:
      # The directory created earlier is element/, not element-web/
      - './element/config.json:/app/config.json'
    networks:
      - matrix_network

networks:
  matrix_network:
    driver: bridge
```
element/config.json. The original also contained a top-level `"turn"` key listing the TURN URIs; Element Web does not read TURN servers from config.json, it fetches them (with credentials) from the homeserver, which derives them from `turn_uris` and `turn_shared_secret` in homeserver.yaml, so that key is left out here.

```json
{
  "default_server_config": {
    "m.homeserver": {
      "base_url": "https://server.xxx.com",
      "server_name": "server.xxx.com"
    },
    "m.identity_server": {
      "base_url": "https://vector.im"
    }
  },
  "brand": "Element",
  "integrations_ui_url": "https://scalar.vector.im/",
  "integrations_rest_url": "https://scalar.vector.im/api",
  "integrations_widgets_urls": [
    "https://scalar.vector.im/_matrix/integrations/v1",
    "https://scalar.vector.im/api",
    "https://scalar-staging.vector.im/_matrix/integrations/v1",
    "https://scalar-staging.vector.im/api",
    "https://scalar-staging.riot.im/scalar/api"
  ],
  "disable_custom_urls": false,
  "disable_guests": false,
  "disable_login_language_selector": false,
  "disable_3pid_login": false,
  "defaultCountryCode": "CN",
  "showLabsSettings": true,
  "features": {
    "feature_pinning": "labs",
    "feature_custom_status": "labs",
    "feature_custom_tags": "labs",
    "feature_state_counters": "labs"
  }
}
```

`disable_guests: false` only matters if Synapse has `allow_guest_access` enabled (it is off by default), and `m.identity_server` pointing at vector.im means address-book lookups leave your server; set `disable_custom_urls` to true and drop the identity server if this is a closed deployment.
caddy/Caddyfile. All services share `matrix_network`, so Caddy can reach them by service name; the original used the host's IP (`ip:8008` and so on), which works only while those ports are published on the host.

```caddyfile
# Synapse: client API, and federation via the .well-known served by Synapse
server.xxx.com {
    encode gzip
    reverse_proxy synapse:8008
    tls admin@gmail.com {
        ca https://acme.zerossl.com/v2/DV90
    }
}

# Element Web
chat.xxx.com {
    encode gzip
    reverse_proxy element-web:80
    tls admin@gmail.com {
        ca https://acme.zerossl.com/v2/DV90
    }
}

# Coturn. TURN over TLS (5349) is not HTTP, so Caddy cannot proxy it (the original's
# reverse_proxy to 5349 could only ever answer 502). This site block exists so that Caddy
# obtains and renews the turn.xxx.com certificate, which coturn reads from Caddy's data directory.
turn.xxx.com {
    respond "turn.xxx.com" 200
    tls admin@gmail.com {
        ca https://acme.zerossl.com/v2/DV90
    }
}

# synapse-admin. Anyone who can reach this name can attempt admin logins; restrict it
# (allow-list, VPN or basic auth) rather than leaving it world-reachable.
admin.xxx.com {
    encode gzip
    reverse_proxy synapse-admin:80
    tls admin@gmail.com {
        ca https://acme.zerossl.com/v2/DV90
    }
}
```
coturn/turnserver.conf. Two things in the original version did not work as written: `listener-address` and `relay-address` are not coturn option names (the options are `listening-ip` and `relay-ip`), and `cert`/`pkey` pointed at the host paths under /root/matrix, which do not exist inside the container; they must be the container-side paths from the compose volume mounts.

```conf
# Listen on all interfaces
listening-ip=0.0.0.0
# Explicit relay IP, only needed with several interfaces
#relay-ip=172.18.0.3
# Standard TURN port
listening-port=3478
# TURN over TLS port
tls-listening-port=5349
# Total session quota
total-quota=100
# Public IP of the host. "host" is a placeholder: put the literal public address here, or
# public/private when the container only sees a private address behind NAT
external-ip=host
# Realm and server name (usually the TURN domain)
realm="turn.xxx.com"
server-name="turn.xxx.com"
# TURN REST API authentication: Synapse signs "<expiry>:<user id>" with the shared secret
use-auth-secret
# Must be identical to turn_shared_secret in synapse/homeserver.yaml
static-auth-secret="x#Ep%=pd=_pQ=91EgKyzCgnv9ri__GLj?aAH"
# Long-term credentials (username:password); not used together with the shared secret
#lt-cred-mech
#user=admin:password
# PID file; use /var/tmp/turnserver.pid if /var/run is not writable
pidfile=/var/run/turnserver.pid
# Telnet CLI, bound to localhost. "password" is a placeholder: change it, or disable the CLI with no-cli
cli-ip=127.0.0.1
cli-port=5766
cli-password="password"
# Add the FINGERPRINT attribute to STUN/TURN messages (WebRTC clients expect it)
fingerprint
# Give nonces a limited lifetime (default 600 s), which bounds how long a captured
# authentication exchange can be replayed
stale-nonce
# Refuse to relay to multicast addresses
no-multicast-peers
# no-loopback-peers was removed in recent coturn releases (loopback peers are always refused)
#no-loopback-peers
# Added hardening, not in the original: refuse to relay to private, link-local and loopback
# ranges, so the TURN server cannot be used to reach the Docker network or other internal hosts
denied-peer-ip=10.0.0.0-10.255.255.255
denied-peer-ip=172.16.0.0-172.31.255.255
denied-peer-ip=192.168.0.0-192.168.255.255
denied-peer-ip=169.254.0.0-169.254.255.255
denied-peer-ip=127.0.0.0-127.255.255.255
# WebRTC only needs UDP relays
no-tcp-relay
# Disable TLS 1.0 and 1.1
no-tlsv1
no-tlsv1_1
#xor-mapped-address
# User database (unused with use-auth-secret; kept from the original)
userdb=/var/db/turndb
# Threading
#multi-threaded
#num-threads=4
# Relay port range; must match the published range in docker-compose.yml and the firewall
min-port=49152
max-port=49252
# Certificate and private key as mounted into the container by docker-compose.yml
cert=/etc/ssl/certs/turn.xxx.com.crt
pkey=/etc/ssl/certs/turn.xxx.com.key
```
postgres/postgres.env. An env file takes `KEY=value` lines; the original's `POSTGRES_USER: "admin"` form is YAML syntax and is not parsed here. Synapse requires a UTF-8 database with the C locale, hence the initdb arguments. The user, password and database name must match `database.args` in homeserver.yaml.

```env
LC_CTYPE=C
LC_COLLATE=C
POSTGRES_INITDB_ARGS="--encoding=UTF8 --lc-collate=C --lc-ctype=C"
POSTGRES_USER=admin
POSTGRES_PASSWORD=password
POSTGRES_DB=synapse
```
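Several values above have to agree across files (homeserver.yaml vs postgres.env for the database login, homeserver.yaml vs turnserver.conf for the TURN secret, turnserver.conf vs docker-compose.yml for the certificate paths), and the originally published files disagreed on each of them. The added example below (my own check, not code from the page or from any of the projects) runs a cross-file consistency check over constructed excerpts of those files; the excerpts mirror the original values and their corrected versions, and a real run would read the files from /root/matrix instead. It deliberately uses regular expressions rather than a YAML parser so it needs nothing beyond the standard library.

```python
import re
from typing import Dict, List

# Constructed excerpts mirroring the page's files as first published (placeholder values).
HOMESERVER_YAML = """\
database:
  name: psycopg2
  args:
    user: "admin"
    password: "passwd"
    database: synapse
    host: postgres
turn_shared_secret: "static-auth-secret"
"""
POSTGRES_ENV = """\
POSTGRES_USER=admin
POSTGRES_PASSWORD=password
POSTGRES_DB=synapse
"""
TURNSERVER_CONF = """\
static-auth-secret="x#Ep%=pd=_pQ=91EgKyzCgnv9ri__GLj?aAH"
cert="/root/matrix/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/turn.xxx.com/turn.xxx.com.crt"
pkey="/root/matrix/caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/turn.xxx.com/turn.xxx.com.key"
"""
CERT_DIR = "./caddy/data/caddy/certificates/acme.zerossl.com-v2-dv90/turn.xxx.com"
COMPOSE_VOLUMES = [  # the coturn service's certificate mounts, host:container
    f"{CERT_DIR}/turn.xxx.com.crt:/etc/ssl/certs/turn.xxx.com.crt",
    f"{CERT_DIR}/turn.xxx.com.crt:/etc/ssl/certs/turn.xxx.com.key",
]

# Matches `key: "value"`, `key="value"`, `key='value'` or `key=value  # comment` at line start.
_KV = r"""^[ \t]*{key}[ \t]*[:=][ \t]*(?:"([^"\n]*)"|'([^'\n]*)'|([^\s#"'][^\n#]*))"""


def kv(text: str, key: str) -> str:
    """Return the first value set for `key` in a flat config excerpt ("" if absent)."""
    m = re.search(_KV.format(key=re.escape(key)), text, re.M)
    if not m:
        return ""
    return next(g for g in m.groups() if g is not None).strip()


def check_deployment(homeserver: str, pg_env: str, turn_conf: str, volumes: List[str]) -> List[str]:
    """Cross-check the values that must agree between files; an empty list means consistent."""
    findings: List[str] = []
    for hs_key, env_key in (("user", "POSTGRES_USER"), ("password", "POSTGRES_PASSWORD"),
                            ("database", "POSTGRES_DB")):
        if kv(homeserver, hs_key) != kv(pg_env, env_key):
            findings.append(f"database.args.{hs_key} in homeserver.yaml != {env_key} in postgres.env")
    if kv(homeserver, "turn_shared_secret") != kv(turn_conf, "static-auth-secret"):
        findings.append("turn_shared_secret (homeserver.yaml) != static-auth-secret (turnserver.conf)")
    mounted: Dict[str, str] = {}          # container path -> host path
    for v in volumes:
        host, container = v.split(":")[:2]
        mounted[container] = host
    for opt in ("cert", "pkey"):          # coturn must use container-side paths
        path = kv(turn_conf, opt)
        if path not in mounted:
            findings.append(f"{opt}={path} is not a path mounted into the coturn container")
    for container, host in mounted.items():   # whatever is mounted as the key must be a key
        if container.endswith(".key") and not host.endswith(".key"):
            findings.append(f"{host} is mounted at {container} but is not the private key")
    return findings


# The same excerpts with the corrections made in the text above applied.
FIXED_HOMESERVER = HOMESERVER_YAML.replace('"passwd"', '"password"').replace(
    '"static-auth-secret"', '"x#Ep%=pd=_pQ=91EgKyzCgnv9ri__GLj?aAH"')
FIXED_TURN = """\
static-auth-secret="x#Ep%=pd=_pQ=91EgKyzCgnv9ri__GLj?aAH"
cert=/etc/ssl/certs/turn.xxx.com.crt
pkey=/etc/ssl/certs/turn.xxx.com.key
"""
FIXED_VOLUMES = [
    f"{CERT_DIR}/turn.xxx.com.crt:/etc/ssl/certs/turn.xxx.com.crt:ro",
    f"{CERT_DIR}/turn.xxx.com.key:/etc/ssl/certs/turn.xxx.com.key:ro",
]

if __name__ == "__main__":
    for line in check_deployment(HOMESERVER_YAML, POSTGRES_ENV, TURNSERVER_CONF, COMPOSE_VOLUMES):
        print("FINDING:", line)
    print("after fixes:", check_deployment(FIXED_HOMESERVER, POSTGRES_ENV, FIXED_TURN, FIXED_VOLUMES))
```

Run it before `docker compose up -d`: the original values produce five findings (database password, TURN secret, two unmounted certificate paths and the .crt mounted as the key), the corrected ones produce none. A mismatched database password shows up immediately as Synapse failing to start, but a mismatched TURN secret or a missing key file only shows up as calls that connect and then never carry media, which is far harder to trace back to a config typo.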
Start the stack:

```bash
docker compose up -d
```
Create accounts. `register_new_matrix_user` talks to the local listener and authenticates with `registration_shared_secret` from the config passed via `-c`, so it works even though `enable_registration` is false. Leaving out `-p` makes the tool prompt for the password instead of recording it in the container's shell history.

```bash
# Enter the synapse container
docker exec -it synapse /bin/bash
# Create a normal user
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008 -u name -p password
# Create an administrator (this is how admin rights are granted; Synapse has no admin_users option)
register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008 -u admin -p "password" --admin
```
Author: 我本无罪
Link:
License: Unless otherwise stated, all posts on this blog are licensed under CC BY-NC-SA. Please credit the source when reposting.